Popular Android Apps Putting Consumer Privacy and Security At Risk



Information leakage can have grave consequences. Consider the recent SolarWinds supply chain attack, which transpired from the exposure of a critical, and inanely simple, internal password (solarwinds123). That makes the recent findings by the Synopsys Cybersecurity Research Center (CyRC) especially troubling.


The analysis of over 3,000 popular Android mobile apps showed information leakage to be commonplace. Passwords, user credentials, email addresses and tokens are among the information found. With this information, malicious actors can access someone’s servers, systems or sensitive data and plant malware or even access banking apps.


In addition, many of these apps demand excessive mobile permissions. Indeed, CyRC found an average of 4.5 sensitive permissions per application. Tools for teachers is one category that posed a significant concern. In fact, one application with over a million downloads was found to require 11 permissions that Google classifies as “Protection Level: Dangerous”.


The report also found that the majority of apps (63%) contained open source components with known security vulnerabilities, with an average of 39 vulnerabilities per vulnerable app. Nearly half of these (44%) have been identified as high risk because they either have been actively exploited or are associated with documented proof-of-concept (PoC) exploits. Just under five percent of the vulnerabilities are associated with an exploit or PoC exploit and have no fix available. One percent of the vulnerabilities are classified as remote code execution (RCE) vulnerabilities, which many recognize as the most severe class of vulnerability. 0.64% are classified as RCE vulnerabilities and are associated with an active exploit or PoC exploit.


Top free games, top-gros ..
